Splunk acquires network observability service Flowmill

Data platform Splunk continues to make acquisitions as it works to build out its recently launched observability platform. After acquiring Plumbr and Rigor last month, the company today announced that it has acquired Flowmill, a Palo Alto-based network observability startup. Flowmill focuses on helping its users find network performance issues in their cloud infrastructure in real time and measure their traffic by service to help them control cost.

Like so many other companies in this space now, Flowmill utilizes eBPF, the Linux kernel’s relatively new capability to run sandboxed code inside it without having to change the kernel or load kernel modules. That makes it ideal for monitoring applications.

“Observability technology is rapidly increasing in both sophistication and ability to help organizations revolutionize how they monitor their infrastructure and applications. Flowmill’s innovative NPM solution provides real-time observability into network behavior and performance of distributed cloud applications, leveraging extended Berkeley Packet Filter (eBPF) technologies,” said Tim Tully, Splunk’s chief technology officer. “We’re excited to bring Flowmill’s visionary NPM technology into our Observability Suite as Splunk continues to deliver best-in-class observability capabilities to our customers.”

While Spunk has made some larger acquisitions, including its $1.05 billion purchase of SignalFx, it’s building out its observability platform by picking up small startups that offer very specific capabilities. It could probably build all of these features in-house, but the company clearly believes that it has to move fast to get a foothold in this growing market as enterprises look for new observability tools as they modernize their tech stacks.

“Flowmill’s approach to building systems that support full-fidelity, real-time, high-cardinality ingestions and analysis aligns well with Splunk’s vision for observability,” said Flowmill CEO Jonathan Perry. “We’re thrilled to join Splunk and bring eBPF, next-generation NPM to the Splunk Observability Suite.”

The companies didn’t disclose the purchase price, but Flowmill previously raised funding from Amplify, Felicis Ventures, WestWave Capital and UpWest.

Australia’s spy agencies caught collecting COVID-19 app data

Australia’s intelligence agencies have been caught “incidentally” collecting data from the country’s COVIDSafe contact tracing app during the first six months of its launch, a government watchdog has found.

The report, published Monday by the Australian government’s inspector general for the intelligence community, which oversees the government’s spy and eavesdropping agencies, said the app data was scooped up “in the course of the lawful collection of other data.”

But the watchdog said that there was “no evidence” that any agency “decrypted, accessed or used any COVID app data.”

Incidental collection is a common term used by spies to describe the data that was not deliberately targeted but collected as part of a wider collection effort. This kind of collection isn’t accidental, but more of a consequence of when spy agencies tap into fiber optic cables, for example, which carries an enormous firehose of data. An Australian government spokesperson told one outlet, which first reported the news, that incidental collection can also happen as a result of the “execution of warrants.”

The report did not say when the incidental collection stopped, but noted that the agencies were “taking active steps to ensure compliance” with the law, and that the data would be “deleted as soon as practicable,” without setting a firm date.

For some, fears that a government spy agency could access COVID-19 contact tracing data was the worst possible outcome.

Since the start of the COVID-19 pandemic, countries — and states in places like the U.S. — have rushed to build contact tracing apps to help prevent the spread of the virus. But these apps vary wildly in terms of functionality and privacy.

Most have adopted the more privacy-friendly approach of using Bluetooth to trace people with the virus that you may have come into contact with. Many have chosen to implement the Apple-Google system, which hundreds of academics have backed. But others, like Israel and Pakistan, are using more privacy invasive techniques, like tracking location data, which governments can also use to monitor a person’s whereabouts. In Israel’s case, the tracking was so controversial that the courts shut it down.

Australia’s intelligence watchdog did not say specifically what data was collected by the spy agencies. The app uses Bluetooth and not location data, but the app requires the user to upload some personal information — like their name, age, postal code, and phone number — to allow the government’s health department to contact those who may have come into contact with an infected person.

Australia has seen more than 27,800 confirmed coronavirus cases and over 900 deaths since the start of the pandemic.

A bug meant Twitter Fleets could still be seen after they disappear

Twitter is the latest social media site to allow users to experiment with posting disappearing content. Fleets, as Twitter calls them, allows its mobile users post short stories, like photos or videos with overlaying text, that are set to vanish after 24 hours.

But a bug meant that fleets weren’t deleting properly and could still be accessed long after 24 hours had expired. Details of the bug were posted in a series of tweets on Saturday, less than a week after the feature launched.

The bug effectively allowed anyone to access and download a user’s fleets without triggering a notification that the user’s fleet had been read and by whom. The implication is that this bug could be abused to archive a user’s fleets after they expire.

Using an app that’s designed to interact with Twitter’s back-end systems via its developer API. What returned was a list of fleets from the server. Each fleet had its own direct URL, which when opened in a browser would load the fleet as an image or a video. But even after the 24 hours elapsed, the server would still return links to fleets that had already disappeared from view in the Twitter app.

When reached, a Twitter spokesperson said a fix was on the way. “We’re aware of a bug accessible through a technical workaround where some Fleets media URLs may be accessible after 24 hours. We are working on a fix that should be rolled out shortly.”

Twitter acknowledged that the fix means that fleets should now expire properly, it said it won’t delete the fleet from its servers for up to 30 days — and that it may hold onto fleets for longer if they violate its rules. We checked that we could still load fleets from their direct URLs even after they expire.

Fleet with caution.

Google plans to test end-to-end encryption in Android messages

For the past year and a half, Google has been rolling out its next-generation messaging to Android users to replace the old, clunky, and insecure SMS text messaging. Now the company says that rollout is complete, and plans to bring end-to-end encryption to Android messages next year.

Google’s Rich Communications Services is Android’s answer to Apple’s iMessage, and brings typing indicators, read receipts, and you’d expect from most messaging apps these days.

In a blog post Thursday, Google said it plans to roll out end-to-end encryption — starting with one-on-one conversations — leaving open the possibility of end-to-end encrypted group chats. It’ll become available to beta testers, who can sign up here, beginning later in November and continue into the new year.

End-to-end encryption prevents anyone — even Google — from reading messages as they travel between sender and the recipient.

Google dipped its toes into the end-to-end encrypted messaging space in 2016 with the launch of Allo, an app that immediately drew criticism from security experts for not enabling the security feature by default. Two years later, Google killed off the project altogether.

This time around, Google learned its lesson. Android messages will default to end-to-end encryption once the feature becomes available, and won’t revert back to SMS unless the users in the conversation loses or disables RCS.

Strava raises $110 million, touts growth rate of 2 million new users per month in 2020

Activity and fitness tracking platform Strava has raised $110 million in new funding, in a Series F round led by TCV and Sequoia, and including participation by Dragoneer group, Madrone Capital Partners, Jackson Square Ventures and Go4it Capital. The funding will be used to propel the development of new features, and expand the company’s reach to cover even more users.

Already in 2020, Strava has seen significant growth. The company claims that it has added more than 2 million new “athletes” (how Strava refers to its users) per month in 2020. The company positions its activity tracking as focused on the community and networking aspects of the app and service, with features like virtual competitions and community goal-setting as representative of that approach.

Strava has 70 million members, according to the company, with presence in 195 countries globally. The company debuted a new Strava Metro service earlier this year, leveraging the data it collects from its users in an aggregated and anonymized way to provide city planners and transportation managers with valuable data about how people get around their cities and communities — all free for these governments and public agencies to use, once they’re approved for access by Strava.

The company’s uptick in new user adds in 2020 is likely due at least in part to COVID-19, which saw a general increase in the number of people pursuing outdoor activities, including cycling and running, particularly at the beginning of the pandemic when more aggressive lockdown measures were being put in place. As we see a likely return of many of those more aggressive measures due to surges in positive cases globally, gym closures could provoke even more interest in outdoor activity — though winter’s effect on that appetite among users in colder climates will be interesting to watch.

Strava’s app is available free on iOS and Android, with in-app purchases available for premium subscription features.

DoorDash files to go public

After filing earlier this year, DoorDash dropped its public S-1 filing this morning, bringing clarity to its numbers and moving it closer to a public debut that should happen before the end of the year.

The company is one of several startups that we expect to see IPOs from before the year ends, despite some recent market chop and election chaos in the United States.

DoorDash is a heavily-backed company, with Crunchbase reporting that the food-delivery giant has accessed around $2.5 billion in capital during its life, most recently in a $400 million round this June. At the time, DoorDash was valued at a towering $16 billion, post-money, giving the company big valuation shoes to fill when it prices its IPO and begins to trade.

What follows is a brief rundown of its numbers. The TechCrunch crew will be digging through the IPO filing all morning, so expect more coverage on ownership, legal risks and other details soon. Let’s go!

The numbers

DoorDash has grown incredibly rapidly, scaling its revenues from $291 million in 2018 to $885 million in 2019. And more recently, from $587 million in the first nine months of 2019 to $1.92 billion in the same period of 2020.

That is 226% growth in 2020 thus far, the sort of expansion that explains why DoorDash was able to attract so much capital at such high prices.

How high-quality is DoorDash’s revenue? In the first three quarters of 2019, the company had gross margins of 39.9%, and in the same period of 2020 the figure rose to 53.1%, a huge improvement for the consumer consumable delivery confab.

The result of DoorDash’s epic growth, and gross margin improvement, has been radically improving profitability. The company’s operating loss fell from $479 million in the first nine months of 2019 to just $131 million in the same period of 2020. DoorDash’s net losses are slightly worse — $533 million and $149 million over the same time frames, respectively — but, again, compared to the company’s topline growth and revenue quality improvements, are inconsequential.

DoorDash has around $1.6 billion in cash and equivalents heading into the fourth quarter, meaning that it has ample cash to fund itself, sans an IPO. The company is therefore going out because it thinks the time is ripe.

Driving DoorDash’s epic growth has been a huge boom in the company’s order volumes and gross order volumes, while its gross margins appear driven by an epic gain in the profitability of the company’s core activity. Observe the following data set:

Screenshot from DoorDash’s S-1

The 2019 to 2020 change in contribution margin at DoorDash, and its jump into positive-adjusted EBITDA, makes one wonder why Uber is struggling to accomplish the same task with its Uber Eats business. Regardless, the flip into adjusted profitability should be enough to allay Wall Street concerns about DoorDash’s path to eventual GAAP profits.

At that trajectory it can get the job done in a year or so.

And DoorDash’s operations have flipped into the cash-generating territory, with the company reporting operating cash flow of $315 million during the first three quarters of 2020, up from -$308 million in the same period of 2019.

Overall I am impressed at first blush. The company is bigger, growing more quickly and losing less money than I expected. Throw in cash generation and adjusted EBTIDA positivity and improving gross margins, and DoorDash could be worth a pretty penny. Without recurring revenues akin to a software company, and the possibility of a vaccine slowing its future growth, DoorDash won’t get a SaaS multiple when it prices. But perhaps defending that $16 billion valuation won’t be as hard as we might have guessed before getting our hands on the numbers.

More to come. Stick with TechCrunch.

L’Oréal rolls out a line of ‘virtual makeup’

Selfie filters have improved immensely over the past several years, but companies on the forefront of the tech see plenty of room to grow.

The cosmetics world has also seen some rapid change in the past several years as makeup has proven particularly ripe for up-and-coming direct-to-consumer and influencer-endorsed brands to take hold. Plenty of legacy brands have seen their revenues decimated, while others have proven resilient by leaning into new tech and sales channel trends.

Back in 2018, L’Oréal made the interesting decision to buy an augmented reality filter company called Modiface. Fast forward to 2020 and they’ve opted to roll out a line of “virtual makeup” selfie filters. The “Signature Face” filters show off eye makeup, lipsticks, and hair products from the company.

They’ve gone fairly wide with the rollout supporting Instagram, Snapchat, Snap Camera and Google Duo. Snap Camera support in particular enables the selfies to be used across plenty of video chat services like Houseparty and Zoom, L’Oréal is marketing these selfies as a way to spice up your look on video calls specifically. You can check our more details on where you can use the filters on their site.

In terms of the filters themselves, there’s nothing terribly more advanced about them than the makeup-centric selfie filters that have been floating around Snapchat for years, but it is interesting to see such a substantial brand leaning in so heavily and pitching this idea where people use selfie filters during video calls in a non-gimmicky way. It’s not clear whether the technology or consumer habits are there yet but it’s certainly plausible that things could move in that direction, especially as social media apps begin a more-focused drive towards becoming commerce platforms.

To own an AR future, Niantic wants to build a smarter map of the world

Niantic is continuing to bet heavily on the idea that it knows where consumer computing is headed, namely augmented reality. The game development startup behind Pokémon Go has some good company with companies like Apple, Facebook and Snap making similar bets, but stakes are high for the studio which hopes it can build an early advantage in foundational AR infrastructure and bring third-party developers on board, edging out efforts from companies that are quite a bit larger.

Niantic’s experiments are still being bankrolled by their 2016 first-party hit Pokémon Go, which SensorTower estimates is having its best year ever in 2020. A report from the firm suggests that the title has pulled in more than $1 billion in revenue since the start of the year, a marked increase since 2019 that might be surprising given the social effects of a global pandemic. Those revenues have allowed Niantic to be one of the more active acquirers in the AR infrastructure space, buying up small buzzy AR startups like Escher Reality, Matrix Mill and, most recently, 6D.ai.

That latest purchase in particular has acted as a signal for what the company’s next plans are for its augmented reality platform. 6D.ai was building cloud AR mapping software with companies like Airbnb among its early customers. The tech allowed users to quickly gather 3D information of a space just by holding up their phone to the world. Since the acquisition, Niantic has been integrating the tech into their developer platform and have been aiming to juice the technology with their own advances in semantic understanding so that they can not only quickly gather what the geometry of a space looks like, but also peer into the context of what the objects are that makes up that 3D mesh.

“We ultimately have this vision that for an AR experience, everything has to come together for it to be really magical,” Joel Hesch, Niantic’s Senior Director of Engineering, told TechCrunch. “You want precise location information so that you can see content in the right location and experience things together with others who are in the same location. You want the geometric information for things like occlusion or physics interactions. And you want to know about what things mean from a semantic perspective so that your characters can interact with the world in an intelligible way.”

While they’ve been building out the tech, they’ve also been pushing users to try it out. Niantic has been urging Pokémon Go players to actively capture videos of certain landmarks and destinations, visual data from which is fed back into bulking up models and improving experiences for subsequent users. As users gain access to more advanced tech like the LiDAR sensor inside the new iPhone 12 Pro, it’s likely that Niantic will gain access to more quality data themselves.

The ultimate goal of this data collection, the startup says, is to build an ever-updating 3D map of the world. Their latest tech allows them to peer into this map and distinguish what types of objects and scenes are in these scans, distinguishing buildings from water from the sky. The real question is how useful all of this data will actually prove to be in practice, compared to more high-level geographic insights like the Google Maps API .

Though the company has been talking about their Real World Platform since 2018, they’ve been slow to officially expand it as the enthusiasm behind phone-based AR has seemed to recede since Apple’s initial unveil of ARKit in 2017 prompted a groundswell of attention in the space. “We’ve primarily been focused on first party games and applications, but we are very excited about extending the platform to be something that more people can use,” Hesch says.

For Niantic and other companies that are bullish on an AR future, their best bet seem to be quietly building and hoping that their R&D will give them a years-long advantage when the technology potentially starts landing more consumer hits.

Josh.ai launches a ‘nearly invisible’ Amazon Echo competitor that’s the size of a coin

In the past several weeks we’ve seen refreshes and product expansions from about every facet of the smart home virtual assistant world. Apple launched the HomePod Mini, Google offered a long-overdue refresh of the Google Home, and Amazon found even more speaker shapes to shove Alexa into.

Today, we’re getting an addition from a startup competitor. Josh.ai has aimed to build out a niche in the space by building a smart assistant product that’s designed to be professionally installed alongside other smart home wares and they announced a new product this afternoon.

The device, Josh Nano, fully buys into a more luxury home-focused niche with a low-profile device that appears to be a little bit bigger than a half-dollar, though the bulk of the device is embedded into the wall itself and wired back to a central unit via power-over-ethernet. The device bundles a set of four microphones eschewing any onboard speaker, instead opting to integrate directly with a user’s at-home sound system. Josh boasts compatibility with most major AV receiver manufacturers in addition to partnerships with companies like Sonos . There isn’t much else to the device, a light for visual feedback, a multi-purpose touch sensor, and a physical switch to cut power to the onboard microphones in case users want extra peace of mind.

Image via Josh.ai

The aim of the new hardware is to hide the smart features of a home and move away from industry standard touch screen hubs with dated interfaces. By stripping down a smart home product to its essential feature, Josh.ai hopes it can push more users to buy in more fully with confidence that subsequent hardware releases won’t render their devices outdated and ugly. The startup is taking pre-orders for the device (available in black and white color options) now and hopes to start shipping early next year.

Powering these devices is a product the company calls Josh Core, a small server which basically acts as a hub for everything Josh talks to in a user’s home, ensuring that interactions between smart home devices can occur locally, minimizing external requests. The startup will also continue selling its previously released Josh Micro which integrates a dedicated speaker into the wall-mounted hardware.

Though Josh.ai partners directly with professional installers on the hardware, the startup has been scaling as a software business, offering consumers a license to their technology on an annual, 5-year or lifetime basis. The price of that license also differs depending on what size home they are working with, with “small” rollouts being classified as homes with fewer than 15 rooms. In terms of hardware costs, Josh.ai says that pricing varies but for most jobs, the average cost for users works out to be something like $500 per room.

Massive tech companies naturally design their products for massive audiences. For startups like Josh.ai this fact provides an in-road to design products that aren’t built for the common needs of a billion users. In fact, the selling point for plenty of their customers comes largely from the fact that they aren’t buying devices from Google, Amazon or Apple and hard-wiring microphones that feed back to them inside their home.

Though 95% of the startup’s business today focuses on residential, going forward, the company is also interested in scaling how their tech can be used in commercial scenarios like conference rooms or even elevators, the startup tells me.

Software companies are reporting a pretty good third quarter

What a difference a week makes.

This time last week, in the wake of earnings from tech’s five largest American companies and early results from other software companies, it appeared that tech shares were in danger of losing their mojo.


The Exchange explores startups, markets and money. Read it every morning on Extra Crunch, or get The Exchange newsletter every Saturday.


But then, this week’s rally launched, and more earnings results came in. Generally speaking, the Q3 numbers from SaaS and cloud companies have been medium-good, or at least good enough to protect historically stretched valuations when comparing present-day revenue multiples to historical norms.

This is great news for yet-private startups that have had to deal with a recession, an uneven and at-times uncertain funding market, an election cycle and other unknowns this year. Wrapping 2020 with a market rally and strong earnings from public comps should give private software companies a halo heading into the new year, assisting them with both fundraising and valuation defense.

Of course, there’s still a lot more data to come in, markets are fickle and many SaaS companies will report next month, having a fiscal calendar offset by a month from how you and I track the year. But after spending time on the phone this week with JFrog’s CEO, BigCommerce’s CEO and Ping Identity’s CFO, I think things are turning out just fine.

Let’s get into what we’ve learned.

Growth and expectations

Kicking off, Redpoint’s Jamin Ball, a venture capitalist who unconsciously moonlights as the research desk for the The Exchange during earnings season, has a roundup of earnings results from this week’s set of SaaS and cloud stocks that reported. As you will recall, last week we were slightly unimpressed by its cohort of results.

Here’s this week’s tally:

As we can see, there was a single miss amongst the group in Q3. Unsurprisingly, that company, SurveyMonkey, was also one of three SaaS companies to project Q4 revenue under street expectations. My read of that chart is seeing a little less than 80% of the group that did project Q4 guidance that bests expectations is bullish, as were the Q3 results, which included a good number of companies that topped targets by at least 10%.

Inside of the data are two narratives that I want to explore. The first is about COVID-related friction, and the second is about COVID-related acceleration. Every company in the world is experiencing at least some of the former. For example, even companies that are seeing a boom in demand for their products during the pandemic must still deal with a sales market in which they cannot operate as they would like to.

For software companies, reportedly in the midst of a hastening digital transformation, the question becomes whether or not the COVID’s minuses are outweighing its pluses. We’ll explore the matter through the lens of three companies that The Exchange spoke with this week after they reported their Q3 results.

Ping Identity

Of our three companies this week, Ping Identity had the hardest go of it; its stock fell sharply after it dropped its Q3 numbers, despite beating earnings expectations for the period.

The company’s revenue fell 3%, while its annual recurring revenue (ARR) rose by 17%. Why did its stock fall if it came in ahead of expectations? You could read its Q4 guidance as slightly soft. In the above chart it’s marked as a slight beat, but its low-end came in under analyst expectations, creating the possibility of a projected miss.

Investors, betting on Ping’s move to SaaS being accretive both now and in the long-term, were not stoked by its Q4 forecast.